Class X509CRL

Abstract class for an X.509 Certificate Revocation List (CRL).
A CRL is a time-stamped list identifying revoked certificates.
It is signed by a Certificate Authority (CA) and made freely
available in a public repository.

Each revoked certificate is
identified in a CRL by its certificate serial number. When a
certificate-using system uses a certificate (e.g., for verifying a
remote user's digital signature), that system not only checks the
certificate signature and validity but also acquires a suitably-
recent CRL and checks that the certificate serial number is not on
that CRL. The meaning of "suitably-recent" may vary with local
policy, but it usually means the most recently-issued CRL. A CA
issues a new CRL on a regular periodic basis (e.g., hourly, daily, or
weekly). Entries are added to CRLs as revocations occur, and an
entry may be removed when the certificate expiration date is reached.

verify

Verifies that this CRL was signed using the
private key that corresponds to the given public key.
This method uses the signature verification engine
supplied by the given provider. Note that the specified Provider object
does not have to be registered in the provider list.
This method was added to version 1.8 of the Java Platform Standard
Edition. In order to maintain backwards compatibility with existing
service providers, this method is not abstract
and it provides a default implementation.

The Name describes a hierarchical name composed of
attributes,
such as country name, and corresponding values, such as US.
The type of the AttributeValue component is determined by
the AttributeType; in general it will be a
directoryString. A directoryString is usually
one of PrintableString,
TeletexString or UniversalString.

getRevokedCertificate

This method can be used to lookup CRL entries in indirect CRLs,
that means CRLs that contain entries from issuers other than the CRL
issuer. The default implementation will only return entries for
certificates issued by the CRL issuer. Subclasses that wish to
support indirect CRLs should override this method.

Parameters:

certificate - the certificate for which a CRL entry is to be looked
up

Returns:

the entry for the given certificate, or null if no such entry
exists in this CRL.

getSigAlgParams

public abstract byte[] getSigAlgParams​()

Gets the DER-encoded signature algorithm parameters from this
CRL's signature algorithm. In most cases, the signature
algorithm parameters are null; the parameters are usually
supplied with the public key.
If access to individual parameter values is needed then use
AlgorithmParameters
and instantiate with the name returned by
getSigAlgName.